1-Click GitHub Token Stealing via a VSCode Bug
submitted by /u/nicovank13 [link] [留言]
找到 1396 篇相关文章
submitted by /u/nicovank13 [link] [留言]
Qwen3.7-Plus has appeared on Qwen's official research release page, with a release date of June 1, 2026. Chinese media covered the launch on June 2. The important part is not that Qwen 3.7 Plus can understand images. The bigger signal is that Qwen is pushing it as a multimodal agent model: vision, language, coding, tool use, and productivity workflows inside one task loop. For developers, the real question is simple: can it keep the same goal across software screens, web pages, screenshots, code, terminal output, and tool calls long enough to finish useful work? If your team is evaluating new agent models, keep the model shortlist in one place and compare quality, latency, cost, and failure modes by task: Compare AI models on WisGate . What Is Qwen3.7-Plus? Qwen3.7-Plus is a multimodal agent model from Qwen. Qwen describes it as an agent foundation that unifies vision and language. It builds on the Qwen3.7 text backbone, adds stronger vision-language capabilities, and keeps the agent-oriented strengths developers care about: coding, tool use, and productivity workflows. That makes it different from a basic image-question-answering model. The more useful use cases look like this: Read a UI screenshot and decide the next action. Combine web pages, docs, charts, screenshots, and text context. Turn a design or product screen into maintainable code. Use tools to verify results instead of only returning static answers. Move between GUI, CLI, browser, and code environments during one task. That is why Qwen3.7-Plus should be evaluated as an agent model first, not just as another chat model with vision support. Why This Release Matters More teams are moving models into longer workflows: read the request, inspect the code, run tests, check logs, fix the issue, verify again, and write the summary. The hard part is that real work is rarely text-only. Frontend bugs come with screenshots. Dashboards come with tables and charts. Debugging comes with terminal output, browser state,
The least interesting thing an AI coding agent can do now is generate code. That sounds harsher than I mean it. Generation still matters. Better models still matter. Faster edits still matter. But if you have used these tools on a real codebase, not a demo repo with three files and no history, you already know where the pain moved. The bottleneck is not "can the model write a React component?" The bottleneck is "does the agent understand why this repo is weird?" Real repos are full of weirdness. Naming conventions nobody wrote down. Migration leftovers. Feature flags with political history. Tests that exist because of one brutal production incident. API boundaries that look accidental until you remove them and break billing. A hundred tiny facts that separate a useful change from a confident mess. Coding agents are getting much better at editing files. The next stack has to get better at making the system legible before the edit starts. Bigger context windows are not the same as understanding The lazy answer is to throw more context at the model. Give it the whole repo. Add the README. Add the docs. Add the last five tickets. Add the architecture decision records. Add the transcript from the previous session. Add the test output. Add the package lock, because why not. That works until it does not. A larger context window can hold more text. It does not automatically turn that text into a map. It does not know which files are architectural boundaries and which are incidental wrappers. It does not know that one directory is deprecated unless the repo says so clearly. It does not know that a scary-looking validation branch is protecting a partner integration from 2021. More context can even make the problem worse. You get the pleasant illusion that the agent has seen everything, while the useful signal is buried under raw file dumps and old notes. Repo understanding needs structure. That is why tools that turn codebases into graphs, domain maps, guided tours, semantic
The fix was one line. if not items: return [] Enter fullscreen mode Exit...
Crypto APIs are no longer just tools for fetching Bitcoin prices. In 2026, they are becoming the...
submitted by /u/wineandcode [link] [留言]
Since the early days of GenAI, when ChatGPT launched in late 2022, we began using prompt engineering to direct chatbots (and later LLMs) with human language instructions to provide us answers to questions or take actions (in a high-level…) In 2025, companies such as OpenAI and Anthropic began releasing a new agentic concept called “AI Agent”, an autonomous system that uses an AI model as its "brain" to perceive an environment, make independent decisions, and execute multi-step tasks using digital tools. Unlike passive chatbots that just answer questions, an agent can plan its own workflow, run commands, and browse the web to achieve a specific goal without constant human supervision. In this blog post, I will explain the concept of Context-as-Code and share some coding examples. Introducing Context-as-Code Traditional prompting is a one-way street. You type out your instructions, send them off, and that text never changes. AI agents operate completely differently. Because they work on their own, every action they take creates a mountain of new data. Every time an agent opens a file, checks an error, or runs a tool, it adds more information to the pile, which quickly overwhelms a standard chat screen. Context-as-Code treats the agent like a stateless compute engine. Instead of a massive text prompt, we use version-controlled files ( CLAUDE.md , AGENTS.md ) to establish structural boundaries, separating the permanent project rules from the temporary, dynamic session memory. Context-as-Code transforms loose AI prompts into version-controlled engineering assets by using structured Markdown files to establish permanent, auditable boundaries directly within a project repository. The Discovery Stage (Onboarding the Agent) Before an agent writes a single line of code, it must parse the overall project layout. These files act as the "map" for an incoming AI. llms.txt Serves as a lightweight text directory mapped out in Markdown format. Placed at the root of a project or webs
submitted by /u/someone-very-cool [link] [留言]
submitted by /u/yogthos [link] [留言]
submitted by /u/sayyadirfanali [link] [留言]
submitted by /u/yangzhou1993 [link] [留言]
Ever looked at std::any and wondered what’s going on behind the scenes? Beneath the intimidating interface is a classic technique called type erasure: concrete types hidden behind a small, uniform wrapper. Starting from familiar tools like virtual functions and templates, we’ll build a minimal std::any . By the end, you’ll have a clear understanding of how type erasure works under the hood. submitted by /u/david-alvarez-rosa [link] [留言]
I’ve been experimenting with CRTP and ended up with a variation that enforces a strict interface/implementation boundary without friend declarations. The goal was to eliminate boilerplate I frequently encountered when trying to encapsulate derived class methods. The key idea is using C++23 explicit object parameters this + a small access wrapper type so implementations can only be called through the interface layer. That was about two and a half months ago. Since, I’ve taken the time to better understand it and write an article about it, which you can find below. As explained there, I refer to this approach as Exotic CRTP. Example ```cpp // Reference example of the pattern // See: https://medium.com/@felixolivierdumas/exotic-crtp-rethinking-static-polymorphism-with-c-23-89f9e75e8ffd include <iostream> include <type_traits> include <utility> namespace exotic { template<typename... From> struct crtp_access : From... {}; template<typename T> constexpr decltype(auto) as_crtp(T&& obj) noexcept { using crtp_access_t = crtp_access<std::remove_cvref_t<T>>; return static_cast<crtp_access_t&&>(obj); } } struct Base { void interface(this auto&& self) { exotic::as_crtp(self).implementation(); } }; struct Derived : Base { void implementation(this exotic::crtp_access<Derived> self) { std::cout << "Derived implementation" << std::endl; } }; int main() { Derived d; d.interface(); // perfectly works // d.implementation(); -> doesn't work, Derived only allows .interface() } ``` Not sure yet if this is actually useful in real conditions or just a different way of structuring CRTP, but it seems to be genuinely powerful. Full write-up here: https://medium.com/@felixolivierdumas/exotic-crtp-rethinking-static-polymorphism-with-c-23-89f9e75e8ffd Curious how this compares to traditional CRTP + friend patterns in real codebases :) submitted by /u/Mysticatly [link] [留言]
Tenho aproveitado meu tempo sem trabalhar pra estudar, enfim a vida de quem trabalha com tecnologia né? E um dos meus maiores focos tem sido IA, seus usos, como ela entra e pode ser aplicada em áreas diferentes, e todas as novidades que saem todos os dias. Hoje vim compartilhar uma coisa bem legal que aprendi no curso AI-Native Engineering Foundations do Addy Osmani , o problema dos 70%. Existe um padrão claro que tenho observado na prática ao acompanhar dezenas de equipes de engenharia: a Inteligência Artificial resolve com impressionante eficiência 70% de quase qualquer tarefa técnica. Falo daquela camada previsível, repetitiva e baseada em padrões exaustivamente documentados na internet. Coisas como código boilerplate, arquivos de configuração, implementações de CRUDs simples, conversão de sintaxe entre linguagens e a escrita de testes unitários básicos. A IA já "viu" milhões de exemplos disso em repositórios públicos e consegue reproduzir o padrão em segundos. Para essa fatia do trabalho, ela é uma aceleradora fantástica. O grande problema, e o motivo pelo qual muitos projetos com IA começam bem mas falham no meio, é que os outros 30% são justamente os que sustentam o software. É nesses 30% que entram as decisões que inteligência nenhuma consegue tomar sozinha: Contexto de Negócio: A IA não sabe por que aquela feature está sendo construída ou como ela impacta o usuário final. Arquitetura e Manutenibilidade: Escrever código que funciona hoje é fácil; escrever código que outra pessoa consegue alterar daqui a seis meses sem quebrar o sistema é outra história. Casos de Borda e Segurança: A IA tende a gerar o "caminho feliz". Tratar falhas de concorrência, vazamento de memória e vulnerabilidades específicas do seu ecossistema exige malícia técnica. Essas questões não se resolvem apenas digitando linhas de código, elas exigem contexto, experiência, histórico de dores passadas e, acima de tudo, julgamento humano. E é exatamente aqui que a IA ainda não entrega. O Parado
submitted by /u/NoPercentage6144 [link] [留言]
When most people think about Java, they immediately picture enterprise applications, banking systems, massive backend services, or decades-old corporate software. While Java has earned its reputation in the enterprise world, that is only part of the story. Today, Java can run on devices as small as a Raspberry Pi, opening the door to hardware projects, edge computing, home automation, education, and hands-on learning experiences. Combining Java with Raspberry Pi creates a powerful platform for experimentation, learning, and building real-world solutions that go far beyond traditional enterprise development. Raspberry Pi teaches us about hardware. Java allows us to apply professional software engineering practices to that hardware. Together, they create a powerful platform for learning, prototyping, and building real-world IoT and edge computing solutions. Java Is More Than Enterprise Software Java's enterprise success has sometimes created the misconception that it only belongs in large organizations. In reality, modern Java offers: Excellent support for Linux and ARM architectures. High performance and low resource consumption. Modern frameworks such as Spring Boot, Quarkus, and Micronaut. Strong support for IoT and edge computing. Access to hardware through mature libraries. One of the largest developer ecosystems in the world. The Raspberry Pi highlights a different side of Java—one focused on creativity, experimentation, and direct interaction with the physical world. Instead of building another web application, you can build systems that sense, react, and interact with their environment. Java at the Edge One of the most exciting technology trends today is Edge Computing. Traditionally, devices send data to cloud services where processing and decision-making occur. Edge computing shifts part of that processing closer to where the data is generated. A Raspberry Pi running Java can: Process sensor data locally. Apply business rules before sending information to th
submitted by /u/goto-con [link] [留言]
submitted by /u/cekrem [link] [留言]
submitted by /u/chkas [link] [留言]
I've been running AI infrastructure for startups long enough to know one painful truth: when you're iterating fast, GPU costs will eat your runway before your product finds product-market fit. Last quarter alone, I watched a promising seed-stage company burn through $12,000 on self-hosted inference before they had 100 paying users. That's not scale — that's a funeral. Let me share what I've learned about making open-source models production-ready without bleeding cash. This isn't theory. This is what I've deployed across three startups, and it's saved us roughly 70% on inference costs while keeping our iteration speed at hyperscale. The Real Cost of Self-Hosting (Spoiler: It's Not Just GPUs) Here's the thing nobody tells you about self-hosting. The GPU rental is just the headline number. The real cost — the one that kills startups — is the hidden infrastructure tax. Model GPU Requirements Cloud Rental (Monthly) On-Prem (Amortized) 7-9B 1× A100 40GB $400-800 $200-400 13-14B 1× A100 80GB $600-1,200 $300-600 27-32B 2× A100 80GB $1,000-2,000 $500-1,000 70-72B 4× A100 80GB $2,000-4,000 $1,000-2,000 200B+ 8× A100 80GB $4,000-8,000 $2,000-4,000 Cloud pricing based on Lambda Labs / RunPod / Vast.ai reserved instances. But here's the kicker — and I learned this the hard way after two months of burning cash on a 32B model that got 50 requests per day: Hidden Cost Monthly Estimate GPU servers (idle or loaded) $400-8,000 Load balancer / API gateway $50-200 Monitoring & alerting $50-200 DevOps engineer time (partial) $500-3,000 Model updates & maintenance $100-500 Electricity (on-prem) $200-1,000 Total hidden costs $900-4,900/month That DevOps line alone is brutal. At scale, you need someone who can handle model updates, handle crashes at 3 AM, and optimise inference. At a startup, that's either your CTO (me) or a contractor who costs $150/hour. Neither is sustainable when you're trying to ship. The Break-Even Math That Changed My Architecture Decisions I ran these numbers befor